- Intel staff data leaked through login flaws, exposing sensitive company information
- A single manipulated portal exposed over 270,000 Intel employee details
- Hardcoded credentials on internal portals raised serious security concerns
Sensitive information about every Intel employee was reportedly accessible to anyone able to exploit weaknesses in the company’s internal sites, an expert has claimed.
Security researcher Eaton Z, who described the flaws in a lengthy blog post, found a business card portal used by Intel staff contained a login system which could be easily manipulated.
By altering how the application verified users, Eaton managed to access data without needing valid credentials.
A data file of large scale
What began as a small discovery quickly expanded, because the system exposed far more information than its function required. Once deeper access was achieved, the results became difficult to dismiss.
Eaton described downloading a file approaching one gigabyte in size that contained the personal details of Intel’s 270,000 employees.
This data included names, roles, managers, addresses, and phone numbers. The scale of the leak suggests risks beyond simple embarrassment.
The release of such data into the wrong hands could feed identity theft, phishing schemes, or social engineering attacks.
The situation was not limited to a single vulnerable system, as Eaton reported three other Intel websites could be accessed with similar techniques.
Internal sites such as the “Product Hierarchy” and “Product Onboarding” portals contained hardcoded credentials that were easily decrypted.
Another corporate login page for Intel’s supplier site could also be bypassed.
Together, these weaknesses formed multiple overlapping doors into the company’s internal environment, a troubling picture for a business that frequently emphasizes the importance of digital trust.
Intel was contacted about the issues starting in October 2024, and the company eventually fixed the flaws by late February 2025.
However, Eaton did not receive bug bounty compensation, as Intel’s program excluded these cases through specific conditions.
The only communication from the company was described as an automated response, raising questions about how seriously the disclosures were handled.
Modern-day cybersecurity is complex; organizations may deploy firewall protections and security suites, yet simple oversights in application design can still expose critical systems.
Even after patches are applied, the incident demonstrates that vulnerabilities are not always exotic flaws buried in hardware.